Data Protection Fears Vs. US Cloud Market

Data sovereignty is so important to businesses that 70% would trade cloud performance for more data control, research says. Where does that leave the post-Snowden US cloud market?

Business attitudes toward the cloud have changed a lot in recent years, but one thing has not: cloud's growth within small businesses, and now larger enterprises, as a standard component of IT operations. The cloud's continued growth is inevitable, because it's one of the best opportunities for organizations to achieve greater IT flexibility, cost efficiency, and value from their data. This year alone, the global cloud market is set to grow more than 126%, according to GigaOm Research.

Yet, despite the prospects for growth, there's room for doubt that the US will dominate the global cloud market. The NSA snooping revelations that broke during last year's "Summer of Snowden" stoked fears around security, compliance, and privacy in the cloud, particularly for businesses in highly regulated industries, and in countries with strict data privacy laws.

When Forrester analyst James Staten notoriously projected last August that the US cloud market would miss out on $180 billion in revenue by 2016 as a result of NSA concerns, people in all corners of the tech industry sat up and listened. Since then, unlikely dissidents, including Google, Microsoft, and Facebook, have made their case to the US government that NSA surveillance needs to be curtailed, or it could seriously hurt their business.

Saber rattling aside, one has to wonder: Just how doomed is the US cloud market? And should government agencies, including the NSA, be concerned?

Unfortunately, the threat to the US cloud market, due to worries about government surveillance, looks real. Non-US businesses are increasingly concerned about the privacy and security of their (and their customers') data. In fact, a recent survey from ResearchNow, commissioned by Peer 1 Hosting, showed 25% of UK and Canadian businesses plan to pull company data out of the US in 2014 as a result of the NSA revelations. The survey also found that most companies are thinking differently about the location of their data post-Snowden: 82% said privacy laws are a top concern for them when choosing where to store data, and 81% want to know exactly where their data is being hosted.

(Source: OpenClip.org/ainara14)

Wariness about US data laws is not a new thing. Many European and Canadian companies have avoided hosting data in the US since the USA Patriot Act in the early 2000s, which permitted the government to inspect data on any servers in the US, even if the data was owned by non-US customers. European companies' concerns around the Patriot Act grew so strong by 2011 that it began to hamper the growth of the cloud industry in Europe, as service providers in France, Germany, and elsewhere limited their customer base by "walling off" their clouds from North America. In fact, an Informa report revealed that European providers accounted for just 7% of carrier cloud investments worldwide in 2011.

Such nuances of the global cloud market used to seem like "somebody else's problem" to US government agencies. But now, with the Snowden leaks confirming data privacy concerns, hesitance to store data in the US may actually boost the growth of the cloud industry in Europe and Canada, to the detriment of the US economy, as customers seek ways to keep their information as far from the NSA as possible.

The data sovereignty issue is in fact so important that 70% of the businesses surveyed by ResearchNow would give up some level of performance to ensure they have control over their data. It's not unreasonable to assume European cloud upstarts can snatch some of their business.

Meanwhile, US government policy mandates have called federal CIOs and other IT executives to adopt cloud technologies, beginning with the Federal Cloud Computing Initiative (FCCI) launched five years ago. The intent of the FCCI was to cut IT costs for federal agencies, but if the number of US cloud vendors begins to dwindle post-Snowden, it could mean government IT

Ben Young is General Legal Counsel at Peer 1 Hosting, where he defends, protects, and enforces Peer 1's legal and business interests, identifies risks, and finds the right solutions to mitigate them. View Full Bio

Excellent article. Data privacy is such a key consideration when using cloud providers and your rightly point out the huge deficiency in business' understanding of the laws. This is particularly true for businesses which operate internationally and must comply with the laws where their customers reside. And "cloud" is a very broad term -- even a process such as email outsourcing can get a company caught up in needing to be aware of the relevant data privacy practices of their third-party provider.

One of the most common causes of data getting in the wrong hands is the loss of mobile devices that often contain a frightening amount of private information. I want to share a protection option that worked for me. Tracer tags (mystufflostandfound.com) let someone who finds your lost stuff contact you directly without exposing your private information. I use them on almost everything I take when I travel like my phone, passport and luggage after one of the tags was responsible for getting my lost laptop returned to me in Rome one time.

Is there a legal structure that could be used to grant cloud clients temporary ownership over the remote hardware they use or temporary ownership of the space their equipment occupies? This would deny the cloud provider the lawful authority to provide access to the hardware in the event of a subpoena.

To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.

Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.